Duke Energy Customers Impacted by Breach at PayPal Acquisition

Following news that a breach occurred at TIO Networks, a company recently acquired by PayPal, PayPal recently announced that information on over 1 million customers may have been compromised. Duke Energy’s customers are among those impacted.

Data Breach Details

TIO Networks, the victim of the breach, is a payment processor who serves customers who pay utility and cable bills in cash at kiosks and walk-in locations.

The spokesman said the utility learned Nov. 10 of the potential breach.

Duke said customers who might be affected are those who paid bills by check or cash at one of the company’s 550 walk-in payment centers between 2008 and 2017.

While TIO Networks is offering free 12-month credit monitoring to affected customers, the impact to their customers is more immediate. Customers need to identify an alternate way to pay their bills while the TIO Network remains down. There is no timeline for restoring bill payment services.

Getting Breach Response Right

Duke Energy has done several things right in response to this breach affecting their customers, including:

Support for customers in making alternate payment arrangements. From their press release: Duke Energy Carolinas customers can continue to make payments in person at any Western Union location — an agreement that Duke Energy established shortly after TIO Networks suspended the payment system — or can pay by check, debit or credit card online.

Takeaways for Businesses

In a previous post, we talked about data security in the power sector. Protecting critical infrastructure is top of mind in this sector, but protecting consumer data is also a concern. Some takeaways for businesses include:

Understand the potential impact if your data or systems are compromised via others in your supply chain, and have a ready incident response plan in the event of a breach.

Use data from online monitoring software to baseline normal behavior and alert on suspicious activity that might indicate sensitive data is leaving the organization.

Be timely with the initial announcement to customers, provide detailed information regarding the impact to customers and steps customers should take, and be helpful and empathetic to make next steps easier for customers.

Marianna Noll is a Maryland-based writer with an interest in the impact that technology has on organizations and users. She writes about software, user adoption and engagement with software, and IT security.

Posts created: 105

Previous article2018 Cyber Security Predictions [Infographic]

Next articleIdentify and Mitigate Against the Professional Insider Attack